BearWave is currently in a public beta phase. Security reports are very welcome and should be handled carefully, especially since BearWave processes external internet radio streams and metadata.
During the beta phase, security fixes target the latest code on the `main` branch and the most recent published release when practical.
Older releases are not guaranteed to receive backported fixes. Users should update to the latest available release after a security fix is published.
Please do not open a public issue for a vulnerability before it has been reviewed.
Preferred reporting path:
- Use GitHub's private vulnerability reporting / security advisory feature for this repository, if available.
- If private reporting is not available, contact the maintainer through GitHub and request a private disclosure channel.
Include as much detail as possible:
- Affected BearWave version or commit SHA
- Operating system and desktop environment
- Steps to reproduce the issue
- Potential impact of the vulnerability